METHOD AND SYSTEM FOR CALCULATING RISK IN ASSOCIATION WITH A 
SECURITY AUDIT OF A COMPUTER NETWORK 

Abstract of the Disclosure 

Calculating risk based on information collected during a security audit of a computing 
network. The computer network is surveyed to determine the significance of elements in the 
network and to identify vulnerabilities associated with the elements. Using this information, the 
security audit system calculates a risk value for each vulnerability. The risk value is a function 
of the asset value, the probability that the vulnerability will be exploited, and the potential 
severity of damage to the network if the vulnerability is exploited. The risk value can be 
adjusted based on the ease with which the vulnerability can be fixed. A network element may 
have one or more risk values associated with it based on one or more vulnerabilities. The 
security audit system employs a band calculation method for summing risk values and 
computing a single security score for the element. The band calculation method can also be used 
to produce a security score for a group of elements. The band calculation method produces a 
more accurate score for comparing elements and groups of elements throughout a network. 